"And finally, targeted parties need to be able to hold the originating and intermediate networks financially liable for all the costs involved, not just the small fraction of the access bill for the downtime, when those networks failed to enforce 3704 compliance."
One point of contention, it's probably minor to most. Say I order a private VLAN from some IXP. Should the IXP be responsible for BCP38? After all, the connection itself is just traversing their network to another provider. They certainly cannot filter bogons, and how are they to know what ASNs or IPs should traverse that link?
In my book and even knowing now, he's Conservative, he belongs and needs to be seen in any list supporting Clinton. He would most likely accept $1500.00 to attend another public gathering to create chaos for the insane idiot Hillary Clinton. Considering the historical events following her, he would most likely end up dead and in a ditch somewhere.
You need a new book. Perhaps one that doesn't require you to see everything through a political lens.
And one that doesn't encourage embracing delusional conspiracy theories just because they reinforce your point of view.
This is indeed the golden age of snark. I love it, but I fear parts of 4chan are flying too close to the sun on Pepe-shaped wings of wax. I'd love it if normie institutions could understand that if something is extremely absurd on the Internet to the point of opposites combining, it's probably a troll. But instead we have people freaking out over Twitter NEETs with avatars of an anime, My Little Pony, or Pepe variety. Because for some reason, normies see nothing off with the concept of brutish skinhead neo-nazis watching cartoons meant for little girls.
It's always stunned me how police supporters use the 'few bad apples' line as a defence, seemingly completely ignorant of the whole expression and what it really means. People might have been ok with just a few bad apples, but instead they now see a spoiled barrel.
What if "Abe List" had made similar comments about someone other than Woods...perhaps a teen with depression...that eventually committed suicide as a result of being slandered in public...Would his actions have been okay then? Should the teen's family be entitled to legal recourse?
No one said that Abe was a saint. In fact, lots of people said he was obnoxious. We, in fact, described him as a troll. But what he did was still perfectly legal.
We've discussed multiple times before that if someone commits suicide, you should never blame people who were mean to them. This only gives more power to suicide and creates a way for people who are killing themselves to "get back" at people who were mean by killing themselves. It encourages more suicide and it's wrong. No one knows why any individual actually commits suicide. So bad example.
Internet fights often devolve into name calling. That alone is not libel (also, look up what slander is, because tweets can never be slander). This is basic First Amendment stuff.
Why is it that it is considered "hate" in only one direction?
No one did. Everyone admits that what Abe did was obnoxious. But it's one thing to be an obnoxious troll on the internet, and another to sue the person for $10 million, try to unmask them, and then celebrate their death. If you can't tell the difference, you've got issues.
I doubt Woods sought out some unknown person to start a fight with.
That's the whole point. Abe was an unknown person, with a tweet that almost no one saw, and Woods threw a hissy fit.
But fundamentally, if we want anything resembling a secure IoT, we're going to have to figure out a way to make it more expensive for companies to ship a vulnerable product than it is for them to fix it first, because the attack surface isn't going to get smaller.
Here's a more solid start, based on use of MITRE's CVE system.
Assume Samsung is selling IoT enabled toasters, because why not. Everything's better with a network stack. Anyway, MSRP on this toaster is $100usd and Samsung releases the product Jan 1, 2017, and ships 1000 toasters.
Now, if there are no open CVEs on any component of the IoT stack on this toaster in the 90 days before Samsung ships, they're effectively insulated from liability. Oh, and in that world, the sky is fuchsia.
But if there _is_ an open CVE that was announced >= 90 days before Samsung launches the product, _and_ it gets exploited, Samsung is on the hook for 5% of the MSRP for each unit sold of said product for every 90 days of age on the CVE.
Example: Samsung begins selling their IoT enabled toaster (MSRP == $100usd) on Jan. 1, 2017. And they sold 1000 of them on day 1. Said toaster has a vulnerability that was announced on Aug. 15, 2016 (just outside the 90 day grace period). If one of these toasters gets exploited and causes trouble, Samsung is going to write a check for (5% of $100) == $5 for each of the 1000 toasters sold as of the date of the CVE being exploited, plus the same fine going forward for each non-patched unit they sell.
Now, pretend that vuln wasn't released on Aug. 1, 2016, it was released on Aug. 1, 2016. Same ship date, same quantity. Except now instead of 5% per toaster, it's 10%. Add 5% for every 90 day interval of CVE age. Also, allow the total penalty per unit to exceed 100% of MSRP with no upper bound. So, you release an IoT enabled toaster with a 12 year old SSH vuln, and it gets exploited? Assume qty 4-90 day periods / year to make it easy, now your penalty is (48 * $5) = $240 * 1000 = $240k in fines for each $100 MSRP toaster you sold.
And why use MSRP as the basis for the penalty? Well, because it's both easy to validate and publicly verifiable.
No grace period, no appeal, cut a check to a high school to fund a secure coding class, because CVEs are public and there's no way the organization "couldn't have known".
Oh, and multiple CVEs? 5% per CVE, and scale it out.
If you can verifiably patch these toasters 100% then you restart the clock from the time the patch was pushed to the toaster. If you can't patch them, well, eventually you'll get to write a check big enough to make the board pay attention.
Bonus: Specifically disallow said penalties as a loss for tax purposes.
As to your other question: It's a Samsung toaster running Google code, Samsung pays. It's their label. If Samsung wants to go back and fight it out with Google based on contract terms, that's fine, Samsung can attempt to recoup their (already paid) losses from Google.
(yeah, I know. There's no chance this or anything like it will ever happen.)
Working in government is weird. Many times you can get away with murder, because it's convenient and gets the job done. Getting the job done is job number one in government. There was a saying in my government office, "You can make any policy you want, but be sure people are going to go around, under, over, or through to get their jobs done."
In my mind this guy was good at his job, and his supervisors turned a blind eye to his actions. Maybe they knew, or maybe they didn't, but I can guarantee you that not one of his supervisors would admit to knowing anything about his actions.
How good of a government employee I'm not sure, but we will be able to tell soon, because the first job of any good government employee is to create your CYA file. I knew of some people who had many cabinet drawers full of pictures, memos, emails, and all kinds of evidence covering their actions.
The cardinal rule of government employment is to never do anything unless you have it in writing. Those who don't follow this rule become scapegoats, and are crucified in the audits and cover-ups that are common in government.